Add mojo::Create*SharedMemoryRegions

This adds *SharedMemoryRegion create methods that parallel those in base::. These use mojo::SharedMemoryBuffer::Create, which will use a broker if appropriate to create shared memory in unprivileged processes. Also update comments to clarify migration. Bug: 872778 Change-Id: Ia32da8181fd37d88a49a26e3e7e158612147646b Reviewed-on: https://chromium-review.googlesource.com/1169602Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Ken Rockot <rockot@chromium.org> Commit-Queue: Matthew Cary <mattcary@chromium.org> Cr-Commit-Position: refs/heads/master@{#585068}

Add mojo::Create*SharedMemoryRegions
This adds *SharedMemoryRegion create methods that parallel those in base::. These use mojo::SharedMemoryBuffer::Create, which will use a broker if appropriate to create shared memory in unprivileged processes. Also update comments to clarify migration. Bug: 872778 Change-Id: Ia32da8181fd37d88a49a26e3e7e158612147646b Reviewed-on: https://chromium-review.googlesource.com/1169602Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Ken Rockot <rockot@chromium.org> Commit-Queue: Matthew Cary <mattcary@chromium.org> Cr-Commit-Position: refs/heads/master@{#585068}
3db31de0 · Matthew Cary · Commit Bot · 1501aabf · 3db31de0 · 3db31de0
Commit 3db31de0 authored Aug 22, 2018 by Matthew Cary Committed by Commit Bot Aug 22, 2018
7 changed files
--- a/base/memory/read_only_shared_memory_region.h
+++ b/base/memory/read_only_shared_memory_region.h
@@ -32,6 +32,12 @@ class BASE_EXPORT ReadOnlySharedMemoryRegion {
  // This means that the caller's process is the only process that can modify
  // the region content. If you need to pass write access to another process,
  // consider using WritableSharedMemoryRegion or UnsafeSharedMemoryRegion.
+  //
+  // This call will fail if the process does not have sufficient permissions to
+  // create a shared memory region itself. See
+  // mojo::CreateReadOnlySharedMemoryRegion in
+  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
+  // region from a an unprivileged process where a broker must be used.
  static MappedReadOnlyRegion Create(size_t size);
  // Returns a ReadOnlySharedMemoryRegion built from a platform-specific handle

--- a/base/memory/unsafe_shared_memory_region.h
+++ b/base/memory/unsafe_shared_memory_region.h
@@ -31,6 +31,12 @@ class BASE_EXPORT UnsafeSharedMemoryRegion {
  using MappingType = WritableSharedMemoryMapping;
  // Creates a new UnsafeSharedMemoryRegion instance of a given size that can be
  // used for mapping writable shared memory into the virtual address space.
+  //
+  // This call will fail if the process does not have sufficient permissions to
+  // create a shared memory region itself. See
+  // mojo::CreateUnsafeSharedMemoryRegion in
+  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
+  // region from a an unprivileged process where a broker must be used.
  static UnsafeSharedMemoryRegion Create(size_t size);
  // Returns an UnsafeSharedMemoryRegion built from a platform-specific handle

--- a/base/memory/writable_shared_memory_region.h
+++ b/base/memory/writable_shared_memory_region.h
@@ -28,6 +28,12 @@ class BASE_EXPORT WritableSharedMemoryRegion {
  // Creates a new WritableSharedMemoryRegion instance of a given
  // size that can be used for mapping writable shared memory into the virtual
  // address space.
+  //
+  // This call will fail if the process does not have sufficient permissions to
+  // create a shared memory region itself. See
+  // mojo::CreateWritableSharedMemoryRegion in
+  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
+  // region from a an unprivileged process where a broker must be used.
  static WritableSharedMemoryRegion Create(size_t size);
  // Returns a WritableSharedMemoryRegion built from a platform handle that was

--- a/mojo/public/cpp/base/BUILD.gn
+++ b/mojo/public/cpp/base/BUILD.gn
@@ -10,6 +10,8 @@ component("base") {
  sources = [
    "big_buffer.cc",
    "big_buffer.h",
+    "shared_memory_utils.cc",
+    "shared_memory_utils.h",
  ]
  defines = [ "IS_MOJO_BASE_IMPL" ]

--- a/mojo/public/cpp/base/shared_memory_utils.cc
+++ b/mojo/public/cpp/base/shared_memory_utils.cc
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "mojo/public/cpp/base/shared_memory_utils.h"
+#include "base/memory/shared_memory_mapping.h"
+#include "mojo/public/cpp/system/buffer.h"
+#include "mojo/public/cpp/system/platform_handle.h"
+namespace mojo {
+base::MappedReadOnlyRegion CreateReadOnlySharedMemoryRegion(size_t size) {
+  auto writable_region = CreateWritableSharedMemoryRegion(size);
+  if (!writable_region.IsValid())
+    return {};
+  base::WritableSharedMemoryMapping mapping = writable_region.Map();
+  return {base::WritableSharedMemoryRegion::ConvertToReadOnly(
+              std::move(writable_region)),
+          std::move(mapping)};
+}
+base::UnsafeSharedMemoryRegion CreateUnsafeSharedMemoryRegion(size_t size) {
+  auto writable_region = CreateWritableSharedMemoryRegion(size);
+  if (!writable_region.IsValid())
+    return base::UnsafeSharedMemoryRegion();
+  return base::WritableSharedMemoryRegion::ConvertToUnsafe(
+      std::move(writable_region));
+}
+base::WritableSharedMemoryRegion CreateWritableSharedMemoryRegion(size_t size) {
+  mojo::ScopedSharedBufferHandle handle =
+      mojo::SharedBufferHandle::Create(size);
+  if (!handle.is_valid())
+    return base::WritableSharedMemoryRegion();
+  return mojo::UnwrapWritableSharedMemoryRegion(std::move(handle));
+}
+}  // namespace mojo
--- a/mojo/public/cpp/base/shared_memory_utils.h
+++ b/mojo/public/cpp/base/shared_memory_utils.h
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef MOJO_PUBLIC_CPP_BASE_SHARED_MEMORY_UTILS_H_
+#define MOJO_PUBLIC_CPP_BASE_SHARED_MEMORY_UTILS_H_
+#include "base/component_export.h"
+#include "base/memory/read_only_shared_memory_region.h"
+#include "base/memory/unsafe_shared_memory_region.h"
+#include "base/memory/writable_shared_memory_region.h"
+namespace mojo {
+// These creation methods are parallel to the base::*SharedMemoryRegion::Create
+// methods. These methods should be used instead of the base:: ones to create
+// shared memory in an unprivileged context, in which case a broker in a
+// privileged process will be used to create the region.
+//
+// IsValid() should be checked on the return value of the following methods to
+// determine if the creation was successful.
+COMPONENT_EXPORT(MOJO_BASE)
+base::MappedReadOnlyRegion CreateReadOnlySharedMemoryRegion(size_t size);
+COMPONENT_EXPORT(MOJO_BASE)
+base::UnsafeSharedMemoryRegion CreateUnsafeSharedMemoryRegion(size_t size);
+COMPONENT_EXPORT(MOJO_BASE)
+base::WritableSharedMemoryRegion CreateWritableSharedMemoryRegion(size_t size);
+}  // namespace mojo
+#endif  // MOJO_PUBLIC_CPP_BASE_SHARED_MEMORY_UTILS_H_
--- a/mojo/public/cpp/system/buffer.h
+++ b/mojo/public/cpp/system/buffer.h
@@ -55,6 +55,13 @@ class MOJO_CPP_SYSTEM_EXPORT SharedBufferHandle : public Handle {
  // Copying and assignment allowed.
  // Creates a new SharedBufferHandle. Returns an invalid handle on failure.
+  //
+  // Note for those converting legacy shared memory to the
+  // base::*SharedMemoryRegion API: if SharedBufferHandle::Create is used for
+  // your shared memory regions, the mojo::Create*SahredMemoryRegion methods in
+  // mojo/public/cpp/base/shared_memory_utils.h should be used. These know how
+  // to use a broker to create regions in unprivileged contexts in the same way
+  // as this SharedBufferHandle::Create method.
  static ScopedSharedBufferHandle Create(uint64_t num_bytes);
  // Clones this shared buffer handle. If |access_mode| is READ_ONLY or this is